#!/usr/bin/perl
#----------------------------------------------------------------------------
#
# Written by MadHat (madhat@unspecific.com)
#
# Copyright (c) 2001-2002, MadHat (madhat@unspecific.com)
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in
# the documentation and/or other materials provided with the distribution.
# * Neither the name of MadHat Productions nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
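#
#----------------------------------------------------------------------------
#
# Telnet default-credential audit script.
#
# Expands the networks/hosts given with -i or -l through
# Marconi::CalculateIPRange, checks each resulting address for an open TCP
# port with Marconi::CheckPort, and then submits every "user|password" pair
# defined in passwd() to that address through Net::Telnet.
#
# Options (as declared to getopts):
#   -t SECONDS  Net::Telnet timeout (default 3)
#   -p PORT     TCP port to test (default 23)
#   -i FILE     file of networks/hosts; records starting with '#' and empty
#               records are skipped
#   -l LIST     comma-separated networks/hosts, or '-' to read them from STDIN
#   -d VALUE    debug output; declared as taking a value, tested only for truth
#   -v          verbose progress output
#
# Review notes:
#   * Telnet is unencrypted, so every candidate pair crosses the network in
#     clear text; with -d the pairs are also printed to STDOUT, and the
#     Net::Telnet dump log is pointed at STDERR.  Captured output therefore
#     contains credentials and should be stored accordingly.
#   * Every pair causes a fresh open() to the target, so a run shows up on the
#     device and on network sensors as a burst of telnet sessions from a
#     single source address.
#   * The loop prints Net::Telnet's errmsg after each attempt but never
#     records which pair, if any, was accepted; the output is not a complete
#     audit record by itself.

$VERSION = '1.0';

use Getopt::Std;
use Net::Telnet;
use Socket qw(:DEFAULT :crlf);

# Global input record separator: records read with <...> end at CRLF.
# NOTE(review): a -i file that uses bare LF line endings is then read as one
# single record - confirm the expected input format.
$/ = CRLF;

# Turn on autoflush for STDERR and STDOUT; STDOUT is left selected.
select(STDERR);
$|++;
select(STDOUT);
$|++;

# Load the Marconi helper module: first from @INC, then from the current
# working directory.
# NOTE(review): the fallback executes ./marconi.pm relative to wherever the
# script is started, so whoever can write to that directory controls the code
# that runs here.
my $Marconi = 0;
eval 'use Marconi';
if ($@) {
    $Marconi = 0;
    if (-e 'marconi.pm') {
        eval 'require "./marconi.pm"';
        if (!$@) {
            $Marconi++;
        }
    }
}
else {
    $Marconi++;
}

if (!$Marconi) {
    print "ERROR:\tMarconi not found/installed.\n";
    exit;
}

# getopts() stores each option in the package variable $opt_<letter>.
getopts("t:p:i:l:d:v");

if (!$opt_p) { $opt_p = 23; }
if (!$opt_t) { $opt_t = 3; }

# Collect the raw network/host specifications.
my @nets;
if (defined($opt_i)) {
    # Three-argument open with a lexical handle: the file name comes from the
    # command line and must not be able to select the open mode.
    open(my $fin, '<', $opt_i) || die "cannot open $opt_i\n";
    @nets = <$fin>;
    close($fin);
}
elsif (defined($opt_l)) {
    if ($opt_l eq '-') {
        # "-l -" means: take the list from STDIN, one or more per record.
        $opt_l = join(',', <STDIN>);
    }
    @nets = split(',', $opt_l);
}

# Expand every specification into individual addresses.
my @totallist;
foreach my $net (@nets) {
    chomp $net;
    next if ($net =~ /^#/ or $net =~ /^$/);
    print "scanning $net\n" if (defined($opt_v));
    my @iplist = Marconi::CalculateIPRange($net);
    push(@totallist, @iplist);
}

if (!@totallist) {
    # Report what was actually entered (the original interpolated a scalar
    # that was never assigned, so this field was always empty).
    my $entered = join(',', @nets);
    die "Error in the IP list. Check syntax.
IP list entered: $entered
Allowed Syntax:
 a.b.c.d/n - 10.0.0.1/25
 a.b.c.* - 10.0.0.* (0-255) same as /24
 a.b.c.d/w.x.y.z - 10.0.0.0/255.255.224.0 (standard format)
 a.b.c.d/w.x.y.z - 10.0.0.0/0.0.16.255 (cisco format)
 a.b.c.d-z - 10.1.2.0-12
 a.b.c-x.* - 10.0.0-3.* (last octet has to be * or 0)
 a.b.c-x.d - 10.0.0-3.0
 hostname - www.unspecific.com
\n";
}

# scalar(@totallist) is the element count; $#totallist would be one short.
print "Scanning " . scalar(@totallist) . " IPs\n" if ($opt_d);

# Fill the package array @user with the "user|password" pairs.
passwd();

foreach my $ipaddr (@totallist) {
    chomp $ipaddr;

    # Only addresses with the port open are tested further.
    next unless Marconi::CheckPort($ipaddr, $opt_p, 'TCP');
    print "Telnet Open on $ipaddr\n" if ($opt_v);

    my $telnet = Net::Telnet->new(Timeout => $opt_t, Port => $opt_p);
    for my $combo (@user) {
        # An entry with nothing after '|' leaves $pass undefined.
        my ($user, $pass) = split(/\|/, $combo);
        print "$user, $pass\n" if ($opt_d);
        $telnet->open($ipaddr);
        $telnet->login($user, $pass);
        $telnet->dump_log(STDERR);
        print $telnet->errmsg . "\n";
    }
}

# Populate the package array @user with "user|password" pairs, one string per
# pair, separated by '|'.  Takes no arguments; the caller reads @user directly.
# The list is kept exactly as shipped, including its repeated entries.
sub passwd {
    @user = (
        '|1234', 'admin|admin', 'admin|passwd', 'admin|1234', 'guest|guest',
        'admin|pass', 'root|root', 'root|pass', 'root|passwd', 'cisco|cisco',
        'pix|cisco', 'admin|synnet', 'read|synnet', 'write|synnet',
        'monitor|monitor', 'manager|manager', 'security|security', 'tech|tech',
        'debug|synnet', 'tech|tech', 'adm|', 'debug|synnet', 'tech|tech',
        'tech|tech', '2200|debug', '2700|tech', 'admin|admin', 'admin|',
        'none|admin', 'none|l4admin', 'netman|netman', 'n/a|secret',
        'sysadm|anicust', 'admin|system', '|1234', '|mcp', 'root|', 'Manager|',
        'User|', 'security|security', 'netman|', 'enable|cisco',
        'D-Link|D-Link', 'root|par0t', 'later|', 'chochete|tiabuena',
        'admin|admin', 'none|none', 'HELLO|MANAGER.SYS', 'HELLO|MGR.SYS',
        'HELLO|FIELD.SUPPORT', 'HELLO|HPUNSUP', 'HELLO|SUPPORT', 'HELLO|HP',
        'HELLO|OP.OPERATOR', 'MGR|CAROLIAN', 'MGR|CCC', 'MGR|CNAS', 'MGR|CONV',
        'MGR|COGNOS', 'MGR|HPDESK', 'MGR|HPWORD', 'MGR|HPP187', 'MGR|HPP189',
        'MGR|HPP196', 'MGR|INTX3', 'MGR|ITF3000', 'MGR|NETBASE', 'MGR|REGO',
        'MGR|RJE', 'MGR|ROBELLE', 'MGR|SECURITY', 'MGR|SYS', 'MGR|TELESUP',
        'MGR|WORD', 'MGR|XLSERVER', 'MGR|HPONLY', 'MGR|HPOFFICE',
        'OPERATOR|COGNOS', 'OPERATOR|DISC', 'OPERATOR|SYS', 'OPERATOR|SYSTEM',
        'OPERATOR|SUPPORT', 'MGE|VESOFT', 'MGE|VESOFT', 'MANAGER|COGNOS',
        'MANAGER|HPOFFICE', 'SPOOLMAN|HPOFFICE', 'ADVMAIL|HPOFFICE',
        'WP|HPOFFICE', 'MANAGER|ITF3000', 'MANAGER|SECURITY', 'MANAGER|SYS',
        'MANAGER|TCH', 'MANAGER|TELESUP', 'FIELD|HPWORD', 'FIELD|HPP187',
        'FIELD|SERVICE', 'FIELD|SUPPORT', 'PCUSER|SYS', 'RSBCMON|SYS',
        'MAIL|HPOFFICE', 'MAIL|MAIL', 'MAIL|TELESUP', 'SYS|TELESUP',
        'OPERATOR|COGNOS', 'MANAGER|HPOFFICE', 'qsecofr|qsecofr',
        'qsysopr|qsysopr', 'qpgmr|qpgmr', 'ibm|password', 'ibm|2222',
        'ibm|service', 'qsecofr|1111111', 'qsecofr|2222222', 'qserv|qserv',
        'qsvr|qsvr', 'secofr|secofr', 'qsrv|ibmce1', 'ncadmin|ncadmin',
        '-|letmein', 'guest|none', 'root|toor', 'cablecom|router', 'sa|-',
        'admin|NetSeq', '-|1234', 'netopia|netopia', '0000|0000',
        'sys|change_on_install', 'Jetform|', '7000|', '!root|',
        'sysadm|sysadm', 'Guest|', 'hello|hello', '|admin', '-|hello',
        'default.password|', 'admin|password', 'user|password',
        'root|uClinux', 'none|amber', 'wradmin|trancell', 'admin|switch',
        'admin|password', 'diag|switch', '-|1234',
    );
}

print "\n";
1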